{ config, lib, pkgs, ... }:

with lib;

let
  # Values the user set for this module's options (declared in `api` below).
  cfg = config.makefu.tinc_graphs;

  # Output folders below the working dir. "external" receives the anonymous
  # graphs, "internal" the complete ones (see the nginx roots in `imp`).
  external_dir = cfg.workingDir + "/external";
  internal_dir = cfg.workingDir + "/internal";
out = {
  # The implementation is only merged into the system when the module is
  # enabled; the option declarations are always present.
  config = mkIf cfg.enable imp;
  options = {
    makefu = {
      tinc_graphs = api;
    };
  };
};
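api = {
  enable = mkEnableOption "tinc graphs";

  geodbPath = mkOption {
    type = types.str;
    description = "Path to geocitydb, defaults to geolite-legacy";
    default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
  };

  krebsNginx = {
    # configure krebs nginx to serve the new graphs
    enable = mkEnableOption "tinc_graphs nginx";

    hostnames_complete = mkOption {
      #TODO: this is not a secure way to serve these graphs,better listen to
      # the correct interface, krebs.nginx does not support this yet
      # NOTE(review): the complete and the anonymous graphs are told apart by
      # nginx server name only (see krebs.nginx.servers in `imp`); any client
      # that can reach the listener and sends a matching Host header gets the
      # complete set. Treat these hostnames as an access-control boundary.
      type = with types; listOf str;
      description = "hostname which serves complete graphs";
      default = [ "graphs.${config.krebs.build.host.name}" ];
    };

    hostnames_anonymous = mkOption {
      type = with types; listOf str;
      # Description fixed to name the option that actually exists
      # (hostnames_complete, not hostname_complete).
      description = ''
        hostname which serves anonymous graphs
        must be different from hostnames_complete
      '';
      default = [ "anongraphs.${config.krebs.build.host.name}" ];
    };
  };

  workingDir = mkOption {
    type = types.str;
    # The default home of the tinc_graphs user is /var/spool/tinc_graphs
    # (set in `imp`); the description previously claimed /var/cache.
    description = ''
      Path to working dir, will create internal/ and external/.
      Defaults to the new user's home dir which defaults to
      /var/spool/tinc_graphs'';
    default = config.users.extraUsers.tinc_graphs.home;
  };

  timerConfig = mkOption {
    type = with types; attrsOf str;
    description = "timerConfig of the systemd timer that triggers the graph build";
    default = {
      # every 15 minutes
      OnCalendar = "*:0/15";
    };
  };
};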
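imp = {
  environment.systemPackages = [ pkgs.tinc_graphs];

  systemd.timers.tinc_graphs = {
    description = "Build Tinc Graphs via timer";
    wantedBy = [ "timers.target"];
    timerConfig = cfg.timerConfig;
  };

  systemd.services.tinc_graphs = {
    description = "Build Tinc Graphs";
    # Consumed by all-the-graphs; output goes to the two folders, the
    # complete graphs into INTERNAL_FOLDER.
    environment = {
      EXTERNAL_FOLDER = external_dir;
      INTERNAL_FOLDER = internal_dir;
      GEODB = cfg.geodbPath;
      TINC_HOSTPATH=config.krebs.retiolum.hosts;
    };

    restartIfChanged = true;

    serviceConfig = {
      # NOTE(review): with Type=simple, ExecStartPost runs as soon as the main
      # process has been started, not after it finished. That is harmless for
      # the chmod below (it only touches the parent dir), but do not add
      # anything to ExecStartPost that depends on the graphs being complete.
      Type = "simple";

      ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
        #!/bin/sh
        mkdir -p "${external_dir}" "${internal_dir}"
      '';

      ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";

      ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
        #!/bin/sh
        # TODO: this may break if workingDir is set to something stupid
        # this is needed because homedir is created with 700
        chmod 755 "${cfg.workingDir}"
      '';

      # The service runs as root, so everything below workingDir is written
      # by root; the tinc_graphs user only provides the directory (see
      # users.extraUsers below). The chmod above makes the dir traversable
      # for the nginx user, which also means the complete graphs in
      # internal_dir are readable by every local user.
      User = "root"; # tinc cannot be queried as user,
                     # seems to be a tinc-pre issue
      # systemd unit directives are case-sensitive: the former `privateTmp`
      # was rejected as an unknown lvalue and the private /tmp never applied.
      PrivateTmp = true;
    };
  };

  # Exists to own the default workingDir; the service itself does not run
  # as this user.
  users.extraUsers.tinc_graphs = {
    uid = 3925439960; #genid tinc_graphs
    home = "/var/spool/tinc_graphs";
    createHome = true;
  };

  # Two vhosts on the same listener, distinguished by server name only
  # (see the TODO on hostnames_complete in `api`).
  krebs.nginx.servers = mkIf cfg.krebsNginx.enable {
    tinc_graphs_complete = {
      server-names = cfg.krebsNginx.hostnames_complete;
      locations = [
        (nameValuePair "/" ''
          autoindex on;
          root ${internal_dir};
        '')
      ];
    };
    tinc_graphs_anonymous = {
      server-names = cfg.krebsNginx.hostnames_anonymous;
      locations = [
        (nameValuePair "/" ''
          autoindex on;
          root ${external_dir};
        '')
      ];
    };
  };
};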
in
  # The evaluated module: option declarations plus the enable-gated config.
  out